About the security content of macOS Sonoma 14.6 – Apple Support

October 15, 2024 at 02:03PM

Apple has released macOS Sonoma 14.6, an update addressing multiple vulnerabilities, including issues related to privacy breaches, unauthorized data access, and potential app crashes. The update improves security through enhanced checks, memory handling, and input validation to mitigate risks associated with malicious applications and crafted files.

### Meeting Takeaways on macOS Sonoma 14.6 Security Updates

**Release Information:**
- **Apple ID:** 120911
- **Release Date:** July 29, 2024
- **Affected Product:** macOS Sonoma 14.6

**Security Vulnerabilities Addressed:**

1. **CVE-2024-40804**
   - **Description:** Improved checks implemented.
   - **Impact:** Malicious applications may access private information.

2. **Open Source Vulnerabilities (CVE-2023-38709, CVE-2024-24795, CVE-2024-27316)**
   - **Description:** Multiple issues primarily in Apache.
   - **Impact:** Apple software is affected.

3. **Code-signing Issues (CVE-2024-40783, CVE-2024-40774, CVE-2024-40814)**
   - **Description:** Additional code-signing restrictions added.
   - **Impact:** Applications may bypass privacy preferences.

4. **User Information Leakage (CVE-2024-40775)**
   - **Description:** Additional code-signing restrictions added.
   - **Impact:** Potential leakage of sensitive user information.

5. **Memory Handling Issues (CVE-2024-27877, CVE-2024-27878)**
   - **Description:** Improved handling implemented.
   - **Impact:** Malformed files may cause app termination.

6. **Out-of-Bounds Issues**
   - Multiple CVEs (CVE-2024-40799, CVE-2024-27873, CVE-2024-40806)
   - **Impact:** Maliciously crafted files may lead to unexpected app termination.

7. **Curl Vulnerabilities**
   - Multiple CVEs (CVE-2024-2004, CVE-2024-2398)
   - **Description:** Open source vulnerabilities.
   - **Impact:** May affect curl implementations.

8. **File Overwrite Risks (CVE-2024-40827)**
   - **Description:** Improved checks added.
   - **Impact:** Potential for arbitrary file overwriting.

9. **Privacy Issues**
   - Various CVEs (CVE-2024-40796, CVE-2024-40832)
   - **Impact:** Possible access to sensitive data such as browsing history.

10. **User Data Access Issues**
    - Multiple CVEs (CVE-2024-40778, CVE-2024-40800)
    - **Impact:** Unauthorized access to user data such as contacts.

11. **Siri Attacks (CVE-2024-40793)**
    - **Description:** Restrictions added for locked devices.
    - **Impact:** Protects sensitive user data from physical access.

12. **Root Privilege Issues (CVE-2024-40828)**
    - **Description:** Improvements to privilege escalation prevention.
    - **Impact:** Malicious apps may be restricted from gaining root access.

13. **Unexpected Process Crashes**
    - Multiple CVEs related to web content vulnerabilities, including CVE-2024-4558.
    - **Impact:** Processing malicious web content may crash processes.

14. **Unintended Private Browsing Access (CVE-2024-40794)**
    - **Description:** State management improved.
    - **Impact:** Private browsing tabs may be accessed without authentication.

### Conclusion
Users are encouraged to update to macOS Sonoma 14.6 to mitigate these vulnerabilities and ensure enhanced security. Further details and updates can be accessed via cve.org for the specific CVEs listed.